On Fri, 18 Oct 2002, GentooRulez wrote:

> >> BTW. If I have stateful inspection of my IP packets and drop
> >> all packets not related to a connection I established, such fragmented
> >> packets as mentioned should not concern me?!? Or am I wrong??
> >Why? Connection-tracking could be buggy too? ;-)
> That's not what I asked. Assuming conn-track works fine and my
> IP filter decides to drop the packet, when will this take place?
> Before defragmenting the packet, or with defragmented packets? The
> last case means such an exploit would work.
That's more than theoretical. If you do not know where the
bug is (if there is one), then why make the assumption
that part X is safe? It will probably only put you into a
false feeling of security if such a bug really exists. Who says
that such a fragmented packet does not belong to a connection
at all? :) If you have a public webserver, I guess it's easy to
have fragmented packets for a tracked connection.
Anyway, it's probably not necessary to discuss that if no one
knows any details.


~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team

